Nomisec Exploits
22,796 exploits tracked across all sources.
Concrete CMS 8.5.12 and below, 9.0-9.2.1 - Stored Cross-Site Scripting via Plural Handle of Data Objects
A Cross Site Scripting (XSS) vulnerability in Concrete CMS versions 8.5.12 and below, and 9.0 through 9.2.1 allows an attacker to execute arbitrary code via a crafted script to Plural Handle of the Data Objects from System & Settings.
by sromanhu
CVSS 5.4
Ivanti Avalanche < 6.4.1 - Remote Code Execution via Crafted Message
An attacker can send a specially crafted message to the Wavelink Avalanche Manager, which could result in service disruption or arbitrary code execution.
Thanks to a Researcher at Tenable for finding and reporting.
Fixed in version 6.4.1.
by x0rb3l
CVSS 9.8
Concrete CMS 9.2.1 - Stored Cross-Site Scripting in SEO & Statistics Tracking Codes
Multiple Cross Site Scripting (XSS) vulnerabilities in Concrete CMS v.9.2.1 allow an attacker to execute arbitrary code via a crafted script to the Header and Footer Tracking Codes of the SEO & Statistics. NOTE: the vendor disputes this because these header/footer changes can only be made by an admin, and allowing an admin to place JavaScript there is an intentional customization feature. Also, the exploitation method claimed by "sromanhu" does not provide any access to a Concrete CMS session, because the Concrete CMS session cookie is configured as HttpOnly.
by sromanhu
CVSS 4.8
GDidees CMS 3.0 - Stored Cross-Site Scripting via Page Title
GDidees CMS 3.0 is affected by a Cross-Site Scripting (XSS) vulnerability that allows attackers to execute arbitrary code via a crafted payload to the Page Title.
by sromanhu
CVSS 5.4
WhatsApp < 2.19.244 - Remote Code Execution via GIF Image Parsing
A double free vulnerability in the DDGifSlurp function in decoding.c in the android-gif-drawable library before version 1.2.18, as used in WhatsApp for Android before version 2.19.244 and many other Android applications, allows remote attackers to execute arbitrary code or cause a denial of service when the library is used to parse a specially crafted GIF image.
by tucommenceapousser
Weaver E-Office 9.5 - Unrestricted Upload of File with Dangerous Type via upload_quwan Parameter
A vulnerability was found in Weaver E-Office 9.5. It has been rated as critical. Affected by this issue is some unknown functionality of the file App/Ajax/ajax.php?action=mobile_upload_save. The manipulation of the argument upload_quwan leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-228014 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
by Any3ite
WhatsApp < 2.19.244 - Remote Code Execution via GIF Image Parsing
A double free vulnerability in the DDGifSlurp function in decoding.c in the android-gif-drawable library before version 1.2.18, as used in WhatsApp for Android before version 2.19.244 and many other Android applications, allows remote attackers to execute arbitrary code or cause a denial of service when the library is used to parse a specially crafted GIF image.
by tucommenceapousser
VMWare Aria Operations for Networks (vRealize Network Insight) pre-authenticated RCE
Aria Operations for Networks contains a command injection vulnerability. A malicious actor with network access to VMware Aria Operations for Networks may be able to perform a command injection attack resulting in remote code execution.
by Malwareman007
Juniper Networks Junos OS on EX Series <20.4R3-S9 - PHP External Variable Modification
A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series allows an unauthenticated, network-based attacker to control certain, important environment variables.
Using a crafted request an attacker is able to modify
certain PHP environment variables leading to partial loss of integrity, which may allow chaining to other vulnerabilities.
This issue affects Juniper Networks Junos OS on EX Series:
* All versions prior to 20.4R3-S9;
* 21.1 versions 21.1R1 and later;
* 21.2 versions prior to 21.2R3-S7;
* 21.3 versions
prior to
21.3R3-S5;
* 21.4 versions
prior to
21.4R3-S5;
* 22.1 versions
prior to
22.1R3-S4;
* 22.2 versions
prior to
22.2R3-S2;
* 22.3 versions
prior to 22.3R3-S1;
* 22.4 versions
prior to
22.4R2-S2, 22.4R3;
* 23.2 versions prior to
23.2R1-S1, 23.2R2.
by r3dcl1ff
Activity Log WP <2.8.8 - Info Disclosure
This Activity Log WordPress plugin before 2.8.8 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate its value. This may be used to hide the source of malicious traffic.
by b0marek
CVSS 5.3
DoLogin Security WP <3.7.1 - Info Disclosure
The DoLogin Security WordPress plugin before 3.7.1 does not restrict the access of a widget that shows the IPs of failed logins to low privileged users.
by b0marek
CVSS 6.5
DoLogin Security WordPress plugin < 3.7 - Stored Cross-Site Scripting via X-Forwarded-For Header
The DoLogin Security WordPress plugin before 3.7 does not properly sanitize IP addresses coming from the X-Forwarded-For header, which can be used by attackers to conduct Stored XSS attacks via WordPress' login form.
by b0marek
CVSS 6.1
URL Shortify < 1.7.6 - Unauthenticated Stored Cross-Site Scripting via Referer Header
The URL Shortify WordPress plugin before 1.7.6 does not properly escape the value of the referer header, thus allowing an unauthenticated attacker to inject malicious javascript that will trigger in the plugins admin panel with statistics of the created short link.
by b0marek
CVSS 6.1
DoLogin Security WP <3.7 - Info Disclosure
The DoLogin Security WordPress plugin before 3.7 uses headers such as the X-Forwarded-For to retrieve the IP address of the request, which could lead to IP spoofing.
by b0marek
CVSS 5.3
User Activity Log <1.6.7 - Info Disclosure
This User Activity Log WordPress plugin before 1.6.7 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate its value. This may be used to hide the source of malicious traffic.
by b0marek
CVSS 7.5
All-In-One Security WordPress Plugin < 5.1.5 - Stored Cross-Site Scripting via Log File Content
The All-In-One Security (AIOS) WordPress plugin before 5.1.5 does not escape the content of log files before outputting it to the plugin admin page, allowing an authorized user (admin+) to plant bogus log files containing malicious JavaScript code that will be executed in the context of any administrator visiting this page.
by b0marek
CVSS 4.8
AIOS WordPress <5.1.5 - Info Disclosure
The All-In-One Security (AIOS) WordPress plugin before 5.1.5 does not limit what log files to display in it's settings pages, allowing an authorized user (admin+) to view the contents of arbitrary files and list directories anywhere on the server (to which the web server has access). The plugin only displays the last 50 lines of the file.
by b0marek
CVSS 4.9
Froala Editor 4.1.1 - Stored Cross-Site Scripting via Insert Link Parameter
Cross-site scripting (XSS) vulnerability in Froala Froala Editor v.4.1.1 allows remote attackers to execute arbitrary code via the 'Insert link' parameter in the 'Insert Image' component.
by b0marek
CVSS 6.1
Elasticsearch 7.0.0-7.17.12 - Denial of Service via _search API Query String
A flaw was discovered in Elasticsearch, affecting the _search API that allowed a specially crafted query string to cause a Stack Overflow and ultimately a Denial of Service.
by sqrtZeroKnowledge
Simple and Nice Shopping Cart Script <1.0 - RCE
File Upload vulnerability in Simple and Nice Shopping Cart Script v.1.0 allows a remote attacker to execute arbitrary code via the upload function in the edit profile component.
by SoundarXploit
CVSS 8.8
Blood Bank & Donor Management v2.2 - XSS
Multiple stored cross-site scripting (XSS) vulnerabilities in /bbdms/sign-up.php of Blood Bank & Donor Management v2.2 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Full Name, Message, or Address parameters.
by SoundarXploit
CVSS 5.4
Macs CMS 1.1.4f - Authentication Bypass via PHP Type Confusion in isValidLogin()
In Macrob7 Macs Framework Content Management System (CMS) 1.1.4f, loose comparison in "isValidLogin()" function during login attempt results in PHP type confusion vulnerability that leads to authentication bypass and takeover of the administrator account.
by ally-petitt
CVSS 9.8
SpaceLogic C-Bus Home Controller < 1.31.460 - OS Command Injection
A CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could cause remote root exploit when the command is compromised. Affected Products: SpaceLogic C-Bus Home Controller (5200WHC2), formerly known as C-Bus Wiser Homer Controller MK2 (V1.31.460 and prior)
by K3ysTr0K3R
RiteCMS 3.0 - Stored Cross-Site Scripting via SVG File Upload
A File upload vulnerability in RiteCMS 3.0 allows a local attacker to upload a SVG file with XSS content.
by sromanhu
CVSS 4.8
RiteCMS 3.0 - Stored Cross-Site Scripting in Global Content Blocks
Rite CMS 3.0 has a Cross-Site scripting (XSS) vulnerability that allows attackers to execute arbitrary code via a crafted payload into the Global Content Blocks in the Administration Menu.
by sromanhu
CVSS 4.8
By Source